Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc.
A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it.
After reading the description, I found that it states it builds new firmware using an online service.
I mean why use SHA256 if you’re just going to truncate it to effectively 48 bits?